Lucene search
K

192 matches found

Prion
Prion
added 2008/07/07 11:41 p.m.22 views

Design/Logic Flaw

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List CRL checks by using an arbitrary URL from a certificate embedded in a 1 S/MIME e-mail message or 2 signed document, which allows remote attackers to obtai...

7.5CVSS7.1AI score0.17404EPSS
Exploits0References14Affected Software17
Cvelist
Cvelist
added 2008/07/07 11:0 p.m.35 views

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List CRL checks by using an arbitrary URL from a certificate embedded in a 1 S/MIME e-mail message or 2 signed document, which allows remote attackers to obtai...

6.6AI score0.17404EPSS
Exploits0References14
CVE
CVE
added 2008/07/07 11:0 p.m.65 views

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...

7.5CVSS6.7AI score0.17404EPSS
Exploits0References14Affected Software17
Exploit DB
Exploit DB
added 2008/03/31 12:0 a.m.25 views

Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure

source: https://www.securityfocus.com/bid/28548/info Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates. Successful exploits allow attackers to...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/03/31 12:0 a.m.15 views

Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure

Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure source: https://www.securityfocus.com/bid/28548/info Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically trigger...

7.3AI score
Exploits0
Prion
Prion
added 2007/07/23 11:30 p.m.15 views

Authentication flaw

Rule Set Based Access Control RSBAC before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked...

6.4CVSS7.6AI score0.0248EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2007/07/23 11:0 p.m.42 views

CVE-2007-3945

CVE-2007-3945 affects Rule Set Based Access Control (RSBAC) versions prior to 1.3.5. The issue stems from improper use of the Linux Kernel Crypto API for Linux kernel 2.6.x, which could allow context-dependent attackers to bypass authentication controls via unspecified vectors (e.g., potential is...

6.4CVSS7.2AI score0.0248EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/07/23 11:0 p.m.22 views

CVE-2007-3945

Rule Set Based Access Control RSBAC before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked...

7.2AI score0.0248EPSS
Exploits0References6
securityvulns
securityvulns
added 2006/05/09 12:0 a.m.44 views

SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research https://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-003 Advisory Title: Cisco Secure ACS for Windows - Administrator Password Disclosure Author : Andreas Junestam Release Date : 05-08-2006...

7.2CVSS1.4AI score0.00361EPSS
Exploits0
NVD
NVD
added 2005/05/02 4:0 a.m.26 views

CVE-2005-0968

Computer Associates CA eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API...

5CVSS6.6AI score0.01763EPSS
Exploits0References1
securityvulns
securityvulns
added 2005/04/07 12:0 a.m.23 views

Computer Associates eTrust Intrusion Detection IDS DoS

Buffer overflow on Microsoft Crypto API CPImportKey call...

3.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/04/06 12:0 a.m.34 views

iDEFENSE Security Advisory 04.05.05: Computer Associates eTrust Intrusion Detection System CPImportKey DoS

Computer Associates eTrust Intrusion Detection System CPImportKey Denial of Service Vulnerability iDEFENSE Security Advisory 04.05.05 www.idefense.com/application/poi/display?id=223&type=vulnerabilities April 05, 2005 I. BACKGROUND Computer Associates International, Inc.'s CA eTrust Intrusion...

0.3AI score
Exploits0
Rows per page
Query Builder